Exemplo n.º 1
    def _validate_iptables_rules(self, vms):
        """Verify that every VM's hybrid port shows up in the filter table.

        For each VM the hybrid port name is derived from the neutron port id
        and searched for, as a plain substring, in the lines returned by
        ``self.iptables_manager.get_rules_for_table('filter')``.

        This is a presence check only: it shows that at least one filter
        line mentions the device. It does not verify which rules exist or
        that they match the expected security-group policy.

        :param vms: iterable of VM objects exposing ``neutron_port['id']``.
        :raises IptablesNotConfiguredException: if no filter line mentions
            the VM's hybrid port name.
        """
        for instance in vms:
            port_id = instance.neutron_port['id']
            tap_name = iptables_firewall.get_hybrid_port_name(port_id)
            # The filter table is fetched again for every VM, not once up
            # front, so each check sees the rules as they are at that point.
            rules = self.iptables_manager.get_rules_for_table('filter')
            for rule in rules:
                if tap_name in rule:
                    break
            else:
                # Loop ended without a match: nothing references the device.
                raise IptablesNotConfiguredException(
                    "There are no iptables rules configured for interface %s" %
                    tap_name)
Exemplo n.º 2
    def _validate_iptables_rules(self, vms):
        """Fail if a VM's hybrid port is absent from the iptables filter table.

        The device name comes from
        ``iptables_firewall.get_hybrid_port_name`` applied to the VM's
        neutron port id. It is matched as a substring against each line of
        the 'filter' table reported by ``self.iptables_manager``.

        Only the presence of the device name is checked. A pass means some
        rule references the interface, not that the rule set is complete or
        correct.

        :param vms: iterable of VM objects exposing ``neutron_port['id']``.
        :raises IptablesNotConfiguredException: for the first VM whose
            device name appears in no filter line.
        """
        for vm in vms:
            device = iptables_firewall.get_hybrid_port_name(
                vm.neutron_port['id'])
            # Read the table inside the loop so each VM is checked against
            # a fresh listing.
            table_lines = self.iptables_manager.get_rules_for_table('filter')
            mentioned = False
            for line in table_lines:
                if device in line:
                    mentioned = True
                    break
            if mentioned:
                continue
            raise IptablesNotConfiguredException(
                "There are no iptables rules configured for interface %s" %
                device)
Exemplo n.º 3
    def _validate_stateless_rules(self, vms):
        """Wait until stateless rules are present for every VM's hybrid port.

        For each VM an ``IptablesManager`` is created for the namespace of
        the VM's host, and ``self._is_stateless_configured`` is polled
        through ``common_utils.wait_until_true``. No timeout or sleep is
        passed, so the helper's defaults apply.

        What counts as "stateless configured" is decided entirely by
        ``_is_stateless_configured``. This method only supplies the manager
        and the device name.

        :param vms: iterable of VM objects exposing ``host.host_namespace``
            and ``neutron_port['id']``.
        :raises StatelessRulesNotConfiguredException: passed to
            ``wait_until_true`` as the exception to raise when the
            predicate does not become true.
        """
        for vm in vms:
            ns_iptables = iptables_manager.IptablesManager(
                namespace=vm.host.host_namespace)
            tap_name = iptables_firewall.get_hybrid_port_name(
                vm.neutron_port['id'])
            not_configured = StatelessRulesNotConfiguredException(
                "There are no stateless rules configured for "
                "interface  %s" % tap_name)

            def _stateless_ready():
                # Invoked synchronously by wait_until_true during this
                # iteration, so the closure sees this VM's values.
                return self._is_stateless_configured(ns_iptables, tap_name)

            common_utils.wait_until_true(
                _stateless_ready, exception=not_configured)
Exemplo n.º 4
    def hybrid_plug_port(self, port_name):
        """Plug the port with a linux bridge between it and ``self.bridge``.

        Steps, in order:

        * create the qvb/qvo veth pair and bring both ends up;
        * create the linux bridge (``self.qbr``) and attach the qvb end;
        * add the qvo end to ``self.bridge`` with ``external_ids`` holding
          the port id, an 'active' status and the MAC;
        * create a second veth pair that stands in for the VM tap device,
          move one end into ``self.namespace`` and attach the other end to
          ``self.qbr``.

        NOTE(review): ``port_name`` is not read in this method; every
        device name is derived from ``self.port_id``.
        NOTE(review): presumably this mirrors the hybrid layout used with
        the iptables firewall driver, where filtering happens on the linux
        bridge. Confirm against the driver.
        """
        wrapper = ip_lib.IPWrapper(self.namespace)

        # First veth pair: one end for the linux bridge, one for self.bridge.
        qvb_name, qvo_name = self._get_veth_pair_names(self.port_id)
        veth_fixture = self.useFixture(NamedVethFixture(qvb_name, qvo_name))
        qvb, qvo = veth_fixture.ports
        for veth_end in (qvb, qvo):
            veth_end.link.set_up()

        # Linux bridge in the root namespace (namespace=None).
        bridge_name = self._get_br_name(self.port_id)
        bridge_fixture = self.useFixture(
            LinuxBridgeFixture(bridge_name,
                               namespace=None,
                               prefix_is_full_name=True))
        self.qbr = bridge_fixture.bridge
        self.qbr.link.set_up()
        # Forward delay 0 and STP off before attaching the first interface.
        self.qbr.setfd(0)
        self.qbr.disable_stp()
        self.qbr.addif(qvb_name)

        external_ids = {
            'iface-id': self.port_id,
            'iface-status': 'active',
            'attached-mac': self.mac,
        }
        self.bridge.add_port(qvo_name, ('external_ids', external_ids))

        # NOTE(jlibosva): Create a fake vm port. Instead of a tap device we
        # use a veth pair here so that it can be attached to the linux
        # bridge in the root namespace. The end named with tap stays in the
        # root namespace and its peer goes into the namespace.
        tap_name = iptables_firewall.get_hybrid_port_name(self.port_id)
        tap_fixture = self.useFixture(NamedVethFixture(tap_name))
        bridge_port, self.port = tap_fixture.ports
        # Register the delete before the device is moved to the namespace.
        self.addCleanup(self.port.link.delete)
        wrapper.add_device_to_namespace(self.port)
        bridge_port.link.set_up()
        self.qbr.addif(bridge_port)

        self.port.link.set_address(self.mac)
        self.port.link.set_up()
Exemplo n.º 5
    def hybrid_plug_port(self, port_name):
        """Connect the port to ``self.bridge`` through a linux bridge.

        Builds two veth pairs and one linux bridge. The first pair
        (qvb/qvo) links the linux bridge ``self.qbr`` to ``self.bridge``.
        The second pair plays the role of the VM tap device: one end is
        attached to ``self.qbr`` and the other is moved into
        ``self.namespace``, given ``self.mac`` and brought up.

        NOTE(review): the ``port_name`` argument is unused; names are
        computed from ``self.port_id``.
        NOTE(review): the ``external_ids`` written on the qvo port (port
        id, status, MAC) are presumably what identifies the interface to
        whatever manages ``self.bridge``. Verify against the consumer.
        """
        ns_wrapper = ip_lib.IPWrapper(self.namespace)

        pair_names = self._get_veth_pair_names(self.port_id)
        qvb_name, qvo_name = pair_names
        first_pair = NamedVethFixture(qvb_name, qvo_name)
        qvb, qvo = self.useFixture(first_pair).ports
        qvb.link.set_up()
        qvo.link.set_up()

        # The linux bridge is created outside any namespace
        # (namespace=None).
        linux_bridge = LinuxBridgeFixture(
            self._get_br_name(self.port_id),
            namespace=None,
            prefix_is_full_name=True)
        self.qbr = self.useFixture(linux_bridge).bridge
        self.qbr.link.set_up()
        self.qbr.setfd(0)        # forward delay of zero
        self.qbr.disable_stp()   # spanning tree switched off
        self.qbr.addif(qvb_name)

        iface_ids = {'iface-id': self.port_id,
                     'iface-status': 'active',
                     'attached-mac': self.mac}
        qvo_attrs = ('external_ids', iface_ids)
        self.bridge.add_port(qvo_name, qvo_attrs)

        # NOTE(jlibosva): Create a fake vm port. A veth pair is used
        # instead of a tap device so that it can be attached to the linux
        # bridge in the root namespace. The end whose name contains tap is
        # in the root namespace and its peer is in the namespace.
        fake_tap = NamedVethFixture(
            iptables_firewall.get_hybrid_port_name(self.port_id))
        bridge_port, self.port = self.useFixture(fake_tap).ports
        # Cleanup is scheduled before the peer is moved into the namespace.
        self.addCleanup(self.port.link.delete)
        ns_wrapper.add_device_to_namespace(self.port)
        bridge_port.link.set_up()
        self.qbr.addif(bridge_port)

        self.port.link.set_address(self.mac)
        self.port.link.set_up()